So said Edna Conway, chief security strategist at Cisco, speaking recently at the Microsoft Security Development Conference, in San Francisco.
She said the supply chain is a critical competitive differentiator, and faces many challenges. According to Conway, Cisco has a controlled product model that is 100-percent outsourced. Other challenges include its wide range of products - most of which are configured to order - the breadth of its customers and acquisition integration, considering Cisco has so far acquired 180 companies.
The challenge is doing the right thing in the supply chain at the right time. "We have to get security right, and apply it across the supply chain. We need to think end-to-end. Introduce a security model that moves away from the endpoint. We need to capture failures within the supply chain, so the customer is never affected."
She said supply chain security has several key focus areas: malicious notifications and substitution of technology; counterfeit products, both raw and finished; security in times of supply chain disruption; and finally, misuse of intellectual property.
Speaking of areas of supply chain security discipline, she says security must be built into development, otherwise the methodology will fail.
